
CVE-2018-8048

Published: 27/03/2018 Updated: 22/11/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

In the Loofah gem for Ruby, versions up to and including 2.2.0, HTML attributes that are not on the whitelist can appear in the sanitized output when a crafted HTML fragment is republished: the fragment passes the attribute whitelist, but the serialized output, once re-parsed by a consumer such as a browser, contains attributes the sanitizer was meant to strip. Loofah 2.2.1 addresses the issue; applications that sanitize untrusted HTML with Loofah should upgrade and, as a regression check, re-parse the sanitized output and confirm that only whitelisted attributes survive the round trip.
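To make the republishing failure mode concrete, the following is an added example written for this page, not code from the Loofah project and not a reproduction of the specific Loofah 2.2.0 defect. It uses Python's standard-library html.parser to build a small whitelist sanitizer whose serializer can either write attribute values verbatim or entity-escape them, then applies the round-trip check a practitioner wants: sanitize, serialize, re-parse the output the way a browser would, and list any attribute names outside the whitelist. The whitelist, the WhitelistSanitizer and AttributeCollector classes, the leaked_attributes helper and the CRAFTED sample input are all assumptions introduced for the illustration.

```python
# Added illustration (not Loofah's code): a whitelist sanitizer whose
# serializer may write attribute values unescaped, plus the round-trip
# check that exposes attributes "republished" into the output.
from html import escape
from html.parser import HTMLParser

# Hypothetical whitelist chosen for the example.
ALLOWED_TAGS = {"a", "b", "i", "p", "span", "img"}
ALLOWED_ATTRS = {"href", "title", "src", "alt"}


class WhitelistSanitizer(HTMLParser):
    """Keeps whitelisted tags/attributes, drops everything else.

    escape_values=False models a serializer that writes attribute values
    verbatim; escape_values=True is the corrected behaviour.
    """

    def __init__(self, escape_values):
        super().__init__(convert_charrefs=True)
        self.escape_values = escape_values
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag dropped; its text is still emitted by handle_data
        parts = [tag]
        for name, value in attrs:  # html.parser hands us entity-decoded values
            if name not in ALLOWED_ATTRS:
                continue
            if value is None:
                parts.append(name)  # boolean attribute
                continue
            if self.escape_values:
                value = escape(value, quote=True)  # & < > " ' become entities
            parts.append(f'{name}="{value}"')
        self.out.append("<" + " ".join(parts) + ">")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # self-closing form: no end tag emitted

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))


def sanitize(fragment, escape_values=True):
    s = WhitelistSanitizer(escape_values)
    s.feed(fragment)
    s.close()
    return "".join(s.out)


class AttributeCollector(HTMLParser):
    """Re-parses a fragment as a consuming browser would, recording attribute names."""

    def __init__(self):
        super().__init__()
        self.names = set()

    def handle_starttag(self, tag, attrs):
        self.names.update(name for name, _ in attrs)


def republished_attributes(fragment):
    c = AttributeCollector()
    c.feed(fragment)
    c.close()
    return c.names


def leaked_attributes(fragment, escape_values):
    """Non-whitelisted attribute names present after sanitize -> serialize -> re-parse."""
    return republished_attributes(sanitize(fragment, escape_values)) - ALLOWED_ATTRS


# Constructed sample input: the only attribute is the whitelisted "src", but
# its value carries an encoded quote followed by a second, non-whitelisted
# attribute. The sanitizer's whitelist check sees one attribute; the
# serializer decides whether a browser will see two.
CRAFTED = '<img src="x&quot; onerror=&quot;alert(1)" alt="pic">'

if __name__ == "__main__":
    print(sanitize(CRAFTED, escape_values=False))
    print(leaked_attributes(CRAFTED, escape_values=False))  # {'onerror'}
    print(sanitize(CRAFTED, escape_values=True))
    print(leaked_attributes(CRAFTED, escape_values=True))  # set()
```

With escape_values=False the decoded quote inside the src value is written back verbatim, so the republished fragment re-parses with an onerror attribute the whitelist never admitted; with escaping, the same input round-trips cleanly and sanitize() is idempotent. The same re-parse assertion can be run against a real Loofah pipeline by feeding its output back through the parser and diffing attribute names against the configured whitelist.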

Vulnerable Products

Debian Linux 9.0 (package ruby-loofah)

Loofah Project: Loofah

Vendor Advisories

Debian Bug report logs - #893596 ruby-loofah: CVE-2018-8048. Package: src:ruby-loofah; Maintainer for src:ruby-loofah is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Tue, 20 Mar 2018 09:15:01 UTC; Severity: important; Ta ...
The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when given specially crafted HTML fragments as input. This might allow mounting a code injection attack against a browser consuming saniti ...
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment ...
